Azure Virtual Network Gateway VPN Client Connection Cmdlets

Reference for PowerShell cmdlets used to manage VPN client connections to Azure Virtual Network Gateways.

Overview

This document provides a comprehensive reference for PowerShell cmdlets designed to manage and configure VPN client connections for Azure Virtual Network Gateways. These cmdlets enable administrators to deploy, monitor, and troubleshoot VPN client configurations, ensuring secure and reliable connectivity for remote users and branch offices.

Azure VPN Gateway allows you to create a Virtual Network Gateway (VNG) to send encrypted traffic between your on-premises networks and your Azure virtual networks, or between your Azure virtual networks. VPN client connections are crucial for enabling individual users to connect to your Azure resources securely from their devices.

Key Cmdlets

The following cmdlets are commonly used for managing VPN client connections:

Get-AzVpnClientRootCertificate

Description

Retrieves root certificates associated with a VPN client connection configuration.

Parameters

Name                        Description                                    Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.       Yes
-ResourceGroupName          The name of the resource group.                Yes
-Name                       The name of the root certificate to retrieve.  No

Example

Get-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup"

Set-AzVpnClientRootCertificate

Description

Adds or updates a root certificate for a VPN client connection configuration.

Parameters

Name                        Description                                  Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.     Yes
-ResourceGroupName          The name of the resource group.              Yes
-Name                       The name of the root certificate.            Yes
-PublicCertData             The base64 encoded public certificate data.  Yes

Example

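# Load the public root certificate (.cer). The constructor is used because
# X509Certificate2.Import() is not supported on .NET Core / PowerShell 7.
$certPath = "C:\path\to\MyRootCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
# Export the DER-encoded public certificate and base64-encode it for -PublicCertData.
$publicCertData = [System.Convert]::ToBase64String($cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
Set-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "MyRootCert" -PublicCertData $publicCertData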
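
Added example (not part of the original reference or of the Az module): a local sanity check to run on a root certificate before its base64 data is passed to -PublicCertData as in the example above. Test-VpnRootCertificate, its -MinDaysRemaining parameter and the in-memory sample certificate are assumptions made for illustration; the checks use only .NET certificate APIs and do not call Azure.

```powershell
# Hypothetical helper: flags common mistakes before a root certificate is uploaded.
function Test-VpnRootCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinDaysRemaining = 30
    )
    # Signature algorithm OIDs: sha1RSA, md5RSA, ecdsa-with-SHA1
    $weakSigOids = '1.2.840.113549.1.1.5', '1.2.840.113549.1.1.4', '1.2.840.10045.4.1'
    $now = Get-Date
    $problems = @()
    if ($Certificate.HasPrivateKey) { $problems += 'carries a private key; upload only the public .cer' }
    if ($Certificate.Subject -ne $Certificate.Issuer) { $problems += 'subject and issuer differ; not a self-signed root' }
    if ($now -lt $Certificate.NotBefore) { $problems += 'not yet valid' }
    if ($Certificate.NotAfter -lt $now.AddDays($MinDaysRemaining)) { $problems += "expired or expires within $MinDaysRemaining days" }
    if ($weakSigOids -contains $Certificate.SignatureAlgorithm.Value) { $problems += 'signed with SHA-1 or MD5' }

    $certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
    [pscustomobject]@{
        Subject        = $Certificate.Subject
        Thumbprint     = $Certificate.Thumbprint
        PublicCertData = [System.Convert]::ToBase64String($Certificate.Export($certType))
        Problems       = $problems
    }
}

# Constructed sample input: a throwaway self-signed certificate generated in memory.
$rsa    = [System.Security.Cryptography.RSA]::Create(2048)
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
$req    = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=ConstructedP2SRoot', $rsa, $sha256, $pkcs1)
$withKey = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))

# Re-load only the DER public part, which is what a .cer file contains.
$certType   = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$publicOnly = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$withKey.Export($certType))

# The key-bearing object is the case the private-key check exists for.
(Test-VpnRootCertificate -Certificate $withKey).Problems

# Only hand the data to the upload step when no problems were found.
$result = Test-VpnRootCertificate -Certificate $publicOnly
if ($result.Problems.Count -eq 0) {
    $publicCertData = $result.PublicCertData   # value for -PublicCertData
    "OK: $($result.Subject) $($result.Thumbprint)"
}
```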

Remove-AzVpnClientRootCertificate

Description

Removes a root certificate from a VPN client connection configuration.

Parameters

Name                        Description                                  Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.     Yes
-ResourceGroupName          The name of the resource group.              Yes
-Name                       The name of the root certificate to remove.  Yes

Example

Remove-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "MyRootCert"

Get-AzVpnClientRevokedCertificate

Description

Retrieves revoked certificates associated with a VPN client connection configuration.

Parameters

Name                        Description                                       Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.          Yes
-ResourceGroupName          The name of the resource group.                   Yes
-Name                       The name of the revoked certificate to retrieve.  No

Example

Get-AzVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup"

Set-AzVpnClientRevokedCertificate

Description

Adds or updates a revoked certificate for a VPN client connection configuration.

Parameters

Name                        Description                                 Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.    Yes
-ResourceGroupName          The name of the resource group.             Yes
-Name                       The name of the revoked certificate.        Yes
-Thumbprint                 The thumbprint of the revoked certificate.  Yes

Example

Set-AzVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "RevokedCert01" -Thumbprint "a1b2c3d4e5f67890a1b2c3d4e5f67890a1b2c3d4"

Remove-AzVpnClientRevokedCertificate

Description

Removes a revoked certificate from a VPN client connection configuration.

Parameters

Name                        Description                                     Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.        Yes
-ResourceGroupName          The name of the resource group.                 Yes
-Name                       The name of the revoked certificate to remove.  Yes

Example

Remove-AzVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "RevokedCert01"

Get-AzVpnClientConnectionConfiguration

Description

Retrieves the VPN client connection configuration for a virtual network gateway.

Parameters

Name                        Description                               Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.  Yes
-ResourceGroupName          The name of the resource group.           Yes

Example

Get-AzVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup"

Set-AzVpnClientConnectionConfiguration

Description

Configures VPN client connection settings for a virtual network gateway.

Parameters

Name                        Description                                              Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.                 Yes
-ResourceGroupName          The name of the resource group.                          Yes
-VpnClientAddressPool       An array of IP address ranges to assign to VPN clients.  No
-VpnClientProtocol          The VPN client protocols to enable (e.g., IKEv2, SSTP).  No
-RadiusServerAddress        The RADIUS server address for authentication.            No
-RadiusServerSecret         The RADIUS shared secret.                                No

Example

Set-AzVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -VpnClientAddressPool "10.0.0.0/24" -VpnClientProtocol "IKEv2"

New-AzVpnClientConnectionConfiguration

Description

Creates a new VPN client connection configuration for a virtual network gateway.

Parameters

Name                        Description                                              Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.                 Yes
-ResourceGroupName          The name of the resource group.                          Yes
-VpnClientAddressPool       An array of IP address ranges to assign to VPN clients.  Yes
-VpnClientProtocol          The VPN client protocols to enable (e.g., IKEv2, SSTP).  Yes

Example

New-AzVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -VpnClientAddressPool "10.1.0.0/24" -VpnClientProtocol "IKEv2,SSTP"

Remove-AzVpnClientConnectionConfiguration

Description

Removes the VPN client connection configuration from a virtual network gateway.

Parameters

Name                        Description                               Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.  Yes
-ResourceGroupName          The name of the resource group.           Yes

Example

Remove-AzVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup"

Get-AzVpnClientPackage

Description

Retrieves the available VPN client packages for download.

Parameters

Name                        Description                                                                               Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.                                                  Yes
-ResourceGroupName          The name of the resource group.                                                           Yes
-VpnClientPackageType       The type of VPN client package (e.g., VpnClientWindows, VpnClientLinux, VpnClientAzure).  No

Example

Get-AzVpnClientPackage -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -VpnClientPackageType "VpnClientWindows"

Export-AzVpnClientPackage

Description

Exports a VPN client package for a virtual network gateway.

Parameters

Name                        Description                                                                                         Required
-VirtualNetworkGatewayName  The name of the virtual network gateway.                                                            Yes
-ResourceGroupName          The name of the resource group.                                                                     Yes
-VpnClientPackageType       The type of VPN client package to export (e.g., VpnClientWindows, VpnClientLinux, VpnClientAzure).  Yes
-OutputFilePath             The path where the client package will be saved.                                                    Yes

Example

Export-AzVpnClientPackage -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -VpnClientPackageType "VpnClientWindows" -OutputFilePath "C:\vpn_client_configs\MyVpnClient.zip"